Quick Start
1. Install the SDK
Section titled “1. Install the SDK”npm install @runplex/syloAgent Skill (optional)
Section titled “Agent Skill (optional)”If you use an AI coding agent (Claude Code, Cursor, VS Code Copilot, etc.), install the Sylo skill so your agent knows how to use the SDK:
npx skills add runplex/sylo2. Get your developer secret
Section titled “2. Get your developer secret”- Sign in to your Sylo dashboard
- Go to Settings
- Click Create secret
- Copy the
sylo_sk_...key — you won’t see it again
3. Set up your sandbox template
Section titled “3. Set up your sandbox template”Install the Sylo tunnel client at build time:
curl -fsSL https://sylo.runplex.dev/install | sudo bashThis downloads the tunnel client binary and init script. At runtime, init.sh activates the proxy.
4. Create a session and launch
Section titled “4. Create a session and launch”This example uses E2B as the sandbox provider, but Sylo works with any container runtime (Modal, Docker, Blaxel, etc.).
import { SyloClient, credential } from "@runplex/sylo";import { Sandbox } from "e2b";
const sylo = new SyloClient({ apiUrl: "https://sylo.runplex.dev", developerSecret: process.env.SYLO_SECRET,});
// Create session — credentials are encrypted, never enter the sandboxconst session = await sylo.createSandboxToken({ tenantId: "customer-123", expiresIn: "10m", credentials: [ credential("anthropic", process.env.ANTHROPIC_API_KEY!), ], policies: { default: "allow" },});
// sandboxEnv() returns all env vars including ANTHROPIC_API_KEY=sylo_cred:anthropicconst env = sylo.sandboxEnv(session);
const sandbox = await Sandbox.create("your-template", { envs: { ...env },});The credential() helper handles domain, header, prefix, and env var for 12 built-in services. MITM domains are auto-inferred from your credentials — no need to specify them.
5. The agent runs normally
Section titled “5. The agent runs normally”Inside the sandbox, the proxy is active. API calls go through Sylo transparently:
# Agent code — no Sylo awareness neededimport anthropic
# ANTHROPIC_API_KEY=sylo_cred:anthropic in the env# Sylo replaces it with the real key on the wireclient = anthropic.Anthropic()message = client.messages.create( model="claude-sonnet-4-20250514", max_tokens=1024, messages=[{"role": "user", "content": "Hello"}],)6. Query the audit log
Section titled “6. Query the audit log”const { events } = await sylo.queryAudit({ tenantId: "customer-123",});
for (const event of events) { console.log( `${event.method} ${event.destination}${event.path} → ${event.policyDecision}` );}// POST api.anthropic.com/v1/messages → allow (cred: anthropic)7. Revoke the session
Section titled “7. Revoke the session”await sylo.revokeSession(session.token);Sessions auto-expire based on expiresIn, but you can revoke early when the agent is done.
8. Save as a security profile (optional)
Section titled “8. Save as a security profile (optional)”For repeated use, save credentials + policies as a reusable profile:
const profile = await sylo.createProfile({ name: "my-agent", profileData: { credentials: [credential("anthropic", process.env.ANTHROPIC_API_KEY!)], policies: { default: "deny" }, },});
// Now sessions just reference the profileconst session = await sylo.createSandboxToken({ tenantId: "acme", securityProfile: "my-agent",});Profiles can also be managed in the dashboard.
Next steps
Section titled “Next steps”- Credential Injection — named credentials, multiple per domain
- Policy Enforcement — allow/deny rules, rate limiting
- Proxy Modes — tunnel vs proxy mode
- Self-Hosting — deploy on your own infrastructure